Red Tech Lead
Engagement Objectives
Conditions
● Threat level
● Targeted objectives
● Targets of opportunity
● Measures of success/failure
Authorized Target Space
● Network
    ● The IP boundaries of the event
    ● Domains and workgroups
    ● Specific off-limits areas and resources (e.g., non-target intellectual property file share)
    ● Off-limits machines, networks, equipment, or applications (blacklist)
    ● Maintenance windows
● Physical
    ● Areas of the campus
    ● Buildings
    ● Offices
    ● Off-limits areas (e.g., the emergency services sector of a medical complex)
    ● Off-limits materials within the target space (e.g., sensitive documents or equipment)
Authorized Actions: Types of activities approved for the engagement
Restricted Actions: Types of activities restricted during the engagement (if any)
Approval Process: The process for requesting approval of additional activities during engagement execution
● Approval process
● Points of contact (name, role, phone, email, office location)
● Alternate POC
The ROE must be updated when the target space, authorized actions, objectives, or scope are changed. For instance, the original scope may be limited to computer network attacks. If physical attacks are planned, the ROE must be updated to reflect the additional activities and controls. The Red Team Lead will address suggestions or adjustments to the ROE. Each review must be provided to the originator. The final ROE must be signed by a Trusted Agent in senior management of the target environment.